On Thu, 12 Jul 2001, Allen P. Numerick wrote:
> I have to agree w/ Ron. Very very few admins know how or have even heard the
> phrase "harden the box". Hell, you mention that phrase and they look at you
> like you're stupid! Harden any box, inside or out! Harden it! Damn admins,
> they get a cert and think they know the world.

yup... how does one get them to do it ??? besides them scrambling
after the fact that the firewall didn't protect them ...

> Basically, you only need one firewall. If they hack it, you're LOS. However,
> if your OS's are hardened you greatly reduce the risk of any more damage. Oh,
> and be sure to harden the firewall OS. If your policy is to go down and
> ipfwd is off, they have to hack the firewall OS.

if the admin is NOT willing to live without a firewall and base the
servers' integrity to protect against script kiddies... then they need
to do what is needed to get comfy to live w/o a firewall ...

a well-hardened server is BETTER than a misconfigured firewall and generic
servers

and similarly hardened network policy to prevent a hacked box from being
used to hack and sniff to get into the other servers on the network

c ya
alvin
http://www.Linux-Sec.net
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls